18215MES@MSU.BITNET (08/10/90)
Hi Folks, There seems to be some debate here as to which app is the best for protecting ones MACs from those nasty viruses. I think that the init which comes with Disinfectant 2.0 is quite sufficient for my and the MACs I oversee. However, at a recent meeting of the Appletalk (Ethertalk) users group here on campus, others seemed to favor SAM. It checks floppies when you put them into the MAC, and apparently the company which produces the product sends out postcards to the purchasers informing them of new viruses, and how to configure SAM to fight the new virus. I feel that a regular check on the net for new versions of Disinfectant - and postings about new viruses - is sufficient, and besides, it works quite well, and best of all IT's Free! What do others out there think? :) Mark Sartor, 221 ag hall, msu, E. Lansing mi (18215mes@msu.bitnet)
3XMQGAA@CMUVM.BITNET (Sari Khoury) (08/10/90)
I feel that there is no comparison between disinfectant and SAM: 1) You don't have to pay for Disinfectant 2) No site license fees for computer labs and networks 3) The 4 K Init saves a TON of RAM compared to SAM's INIT 4) Disinfectant is continually updated the minute a new virus comes out. 5) No wondering whether the SAM update postcard got lost in the mail. There's my 2 cents on it. ------------------------------------------------------------------- Sari Khoury 3XMQGAA@CMUVM.BITNET Art Department skhoury@postcard.engin.umich.edu Central Michigan University bushido!khoury@umich.edu Mt. Pleasant, MI 48858
gaynor@hpuxa.ircc.ohio-state.edu (Jim Gaynor) (08/10/90)
In article <53318215MES@MSU> 18215MES@MSU.BITNET writes: >Hi Folks, >There seems to be some debate here as to which app is the best >for protecting ones MACs from those nasty viruses. >I think that the init which comes with Disinfectant 2.0 is >quite sufficient for my and the MACs I oversee. >However, at a recent meeting of the Appletalk (Ethertalk) users >group here on campus, others seemed to favor SAM. > [further about SAM's disk checking and "free" status about Disinfectant] I put together the "Macintosh Anti-Virus Disk" for Ohio State's Instruction and Research Computing Center (IRCC) for about 9 months or so. (Got a new job, now). This disk was distributed by the Customer Service desk on a disk-exchange basis - you bring in a blank, they'll give you a copy of the Anti-Virus disk. I always recommended Disinfectant, Gatekeeper, and Gatekeeper Aid to the users I spoke to, and the on-disk documentation I wrote said the same thing. Especially when one has net access. Why? A number or reasons. 1) They're free, but still well supported by the authors. (John, I'm told, works on Disinfectant under grant money these days). 2) No Site License hassles, and no worries about illegal copying. Joe User can give copies to as many of his friends as he likes. 3) After having worked with SAM and Virex, it is my -opinion- that Disinfectant and Gatekeeper are better written products, and I have seen fewer conflicts with other programs when using these free packages as opposed to the commercial ones. 4) Product upgrades with Disinfectant are -fast-; John gets it out the moment the virus is found. Commercial products often take weeks to be upgraded and distributed. And ftp is still more reliable than UPS. <grin> Those reasons are more than enough for me. And very few people, after I've spoken to them, have disagreed with me. A few did, and a few will. <sigh> Some folks never learn. <grin> -=- +-----------------------------------------------------------------------------+ | Jim Gaynor - The Ohio State Univ. - IRCC - Facilities Mgmt. - OCES <whew!> | | Email [gaynor@hpuxa.ircc.ohio-state.edu], [gaynor@agvax2.ag.ohio-state.edu] | |_ "Jim Gaynor explores The Land of VAXen! Will IRCC survive? Nahhh...." _|
francis@giza.cis.ohio-state.edu (RD Francis) (08/10/90)
In article <53318215MES@MSU> 18215MES@MSU.BITNET writes:
<There seems to be some debate here as to which app is the best
<for protecting ones MACs from those nasty viruses.
<I think that the init which comes with Disinfectant 2.0 is
<quite sufficient for my and the MACs I oversee.
<However, at a recent meeting of the Appletalk (Ethertalk) users
<group here on campus, others seemed to favor SAM. It checks floppies
<when you put them into the MAC, and apparently the company which
<produces the product sends out postcards to the purchasers informing
<them of new viruses, and how to configure SAM to fight the new virus.
<
<I feel that a regular check on the net for new versions of Disinfectant
< - and postings about new viruses - is sufficient, and besides,
<it works quite well, and best of all IT's Free!
I feel that the combination of GateKeeper Aid, GateKeeper,
Disinfectant, and Disinfectant Init are generally sufficient to
prevent/detect viral problems. Disinfectant tends to be the first
viral utility to be able to handle the effects of a new virus
(although, not infrequently, Virus Detective or other things like it
can detect viruses more quickly). Generally, those postcards won't
reach you as quickly as you could download the latest Disinfectant
from the net.
One advantage to commercial products: since you pay for them, they
have more incentive to continue to support their product.
One disadvantage: that still won't stop them from dropping it if it
is unprofitable, or from going out of business.
--
R David Francis francis@cis.ohio-state.eduswsh@ellis.uchicago.edu (Janet M. Swisher) (08/10/90)
Update times for Disinfectant and SAM are about the same, whether you've got net access or not. If you've got net access, you can download Disinfectant, or you can get the SAM virus definitions that Symantec posts to comp.virus. If you don't have net access, you're generally going to lag behind in either case if you don't have a finger on the pulse of the virus world (apologies for the mixed metaphors). I encounter people all the time who are still using Disinfectant 1.5 or 1.6. At least the SAM users get a postcard. I agree that for Joe User, the Disinfectant/Gatekeeper/Gatekeeper Aid combo is perfectly sufficient. The price/performance ratio can't be beat. SAM has a couple of features that I really like, namely the automatic floppy scanning and the dynamic exception learning. The latter is a great advantage over Gatekeeper, since it means you don't have to cancel what you were doing, go to the the control panel, add another program (hoping you spelled it right and checked the right boxes), and then restart what you were doing. Of course, it could be inadvertantly used by a novice to let a virus get through, and I hear it's not entirely perfect (but if you're doing MPW compiles, you're asking for trouble anyway :-) ). However, my employer paid for SAM, and work is where I use it. If the money were coming out of my pocketbook, I'd probably stick with D/G/GA. Janet -- Janet Swisher Internet: swsh@midway.uchicago.edu University of Chicago Phone: (312) 702-7608 Academic and Public Computing P-mail: 1155 E. 60th St. Chicago IL 60637, USA
dwal@ellis.uchicago.edu (David Walton) (08/10/90)
In article <3624@nisca.ircc.ohio-state.edu> gaynor@hpuxa.ircc.ohio-state.edu (Jim Gaynor) writes: >In article <53318215MES@MSU> 18215MES@MSU.BITNET writes: > > I always recommended Disinfectant, Gatekeeper, and Gatekeeper Aid >to the users I spoke to, and the on-disk documentation I wrote said the >same thing. Especially when one has net access. Why? A number or reasons. The reasons you cited (lack of cost, lack of licensing hassles, effectiveness, and fast updates) are the same reasons I vastly prefer GateKeeper, GateKeeper Aid, and Disinfectant. SAM has the advantage of scanning disks each time they're inserted, but I find GateKeeper/GateKeeper Aid to be easier to use and easier to explain than SAM; I also think the documentation is better (though SAM's manual has some very good sections in it). I've never used Virex, so I can't say anything about it. GateKeeper, GateKeeper Aid, and Disinfectant have always kept my disks clean :-). >| Jim Gaynor - The Ohio State Univ. - IRCC - Facilities Mgmt. - OCES <whew!> -- David Walton Internet: dwal@midway.uchicago.edu University of Chicago { Any opinions found herein are mine, not } Computing Organizations { those of my employers (or anybody else). }
kellogg@prodigal.psych.rochester.edu (Lars Kellogg-Stedman) (08/10/90)
Personally, I consider Disinfectant itself THE best virus
detection/disinfection program written. To me, at least, it appears
to be much better written than SAM, and it works wonderfully under
MultiFinder. As for the INIT - well, it's not configurable, but it
can detect the same viruses as Disinfectant.
The fact that Disinfectant is free is simply an added incentive to use it.
Doesn't John Norstrad have plans to implement search strings in
Disinfectant, like SAM and Virus Detective?
Lars
~ ~ | Lars Kellogg-Stedman | "Software rots if not used"
O-O | kellogg@prodigal.psych.rochester.edu | - The Tao of Programming
| +--------------------------------------+----------------------------------+
-=- | I'm rarely responsible for what I say, do you think anybody else is? barnett@grymoire.crd.ge.com (Bruce Barnett) (08/10/90)
I do not want to endorse either package, but when we have to train people who find MultiFinder confusing, SAM is very nice. It is one package, not three. Keeping people up to date is easier. The "Allow, Deny, Learn" option is very important, and easy to teach. When the boss's boss's boss's secretary is confused, everyone suffers. -- Bruce G. Barnett barnett@crd.ge.com uunet!crdgw1!barnett
pollock@ziggy.EDU (Wayne Pollock) (08/10/90)
It seems that the feature of SAM that its supporters like the best is the automatic scanning of inserted floppies. Did you guys know that VirusDetective also can automatically scan floppies when inserted? Jeff Shulman also sends out postcards whenever a new virus is discovered; since VirusDetective works by using a kind of script language, Jeff puts the script to detect the new virus right on the postcard. You just type it into VD and you are protected right away. (Then just sit back and wait for the new Disinfectant to come out.) I use the Disinfectant Init to protect my system (John claims you don't need Gatekeeper Aid when using his init), but I do worry about one thing: since this init is the last init loaded, does this mean it can't protect the system from other, evil inits? Why can't the Disinfectant Init be loaded first? Wayne Pollock (The MAD Scientist) Internet: pollock@ziggy.csee.usf.edu GEnie: W.POLLOCK
roy@phri.nyu.edu (Roy Smith) (08/11/90)
kellogg@prodigal.psych.rochester.edu.UUCP (Lars Kellogg-Stedman) writes: > Personally, I consider Disinfectant itself THE best virus > detection/disinfection program written. I'll go along with that. I urge everybody here to install it on their machines (perhaps urge is not a strong enough word). The one thing I wish it had, however, was some way to customize the alert box it uses when it finds an infected disk. I would like to augment the generic message with something like "If you do not understand what this means, please call Roy Smith at x822 for help". -- Roy Smith, Public Health Research Institute 455 First Avenue, New York, NY 10016 roy@alanine.phri.nyu.edu -OR- {att,cmcl2,rutgers,hombre}!phri!roy "Arcane? Did you say arcane? It wouldn't be Unix if it wasn't arcane!"
carlo@osprey.cvs.rochester.edu (Carlo Tiana) (08/12/90)
In article <8898@ur-cc.UUCP> kellogg@prodigal.psych.rochester.edu.UUCP (Lars Kellogg-Stedman) writes: >Personally, I consider Disinfectant itself THE best virus >detection/disinfection program written. To me, at least, it appears > ... Hear, hear!!! > ... >Doesn't John Norstrad have plans to implement search strings in >Disinfectant, like SAM and Virus Detective? >Lars Yeah, and maybe disk scanning on insertion - then noone will have any reason to use anything else any longer! carlo@cvs.rochester.edu
dwl@sandstorm.Berkeley.EDU (David Lee) (08/12/90)
It seems nobody has seen, at least not mentioned, the virus program Rival. It is a really slick CDEV and what I think is the best. It is a CDEV that works in the background like INITs and can also check disks like an application, all in one which makes it really convenient. And it also has online help, virus info, and some neat sound effects. I personally use Disinfectant because it's free and takes care of all my needs. But in the "money is no object" category, I nominate Rival. I think Macconection has Rival for $50 or something like that. BTW, if I remember correctly, Rival takes up around 100K less disk space than Disinfectant. David dwl@ocf.Berkeley.EDU
jln@acns.nwu.edu (John Norstad) (08/13/90)
I was on vacation for a week in Northern Michigan, and returned to find this interesting thread about my Disinfectant 2.0 vs. SAM. Here's my comments... The main advantages of the commercial anti-viral products are telephone support and upgrade services (the kind of upgrade service where you automatically receive new versions through the mail, for a fee). I cannot offer either of these services. I do most of my work on Disinfectant in my spare time, and I have no secretaries or other support staff. I simply don't have the time to talk to people on the phone, and I can't afford to pay for massive disk mailings. (Somebody mentioned that I have grant money for my work on Disinfectant - this isn't true). Another plus for SAM is that the SAM Intercept protection INIT is much stronger and more powerful than the new Disinfectant 2.0 INIT. SAM Intercept includes a very thorough "general purpose suspicious activity monitor" which sometimes can catch even unknown viruses. My INIT is much, much more modest. I make no attempt at all to catch unknown viruses - I only catch the currently known ones. Chris Johnson's GateKeeper is an excellent freeware alternative to SAM Intercept which also has a thorough general purpose suspicious activity monitor. The advantages of the Disinfectant INIT are that it is very small (less that 1.5K of system heap space, and less than 5K on disk!!!!), it is completely unobtrusive, and it is very efficient. Many people mentioned that SAM Intercept can be configured to automatically scan floppies when they are inserted, and they mentioned this as an "advantage." I don't see this as an advantage at all - I hate that feature! I find it obtrusive, ineffecient, and incredibly annoying! The main purpose of a virus protection INIT is to block attempts by viruses to spread, and to inform the user when such an attempt is made. My INIT does this at the initial point of attack by the virus. There's no need to waste time scanning each floppy as it's inserted to accomplish this basic goal. I refuse to use any INIT or feature of an INIT which significantly slows down my Mac! The main advantages of Disinfectant 2.0 are that it's free, and that it is well-supported. When a new virus is discovered, all of the authors of the major anti-viral utilities (commercial, shareware, and freeware) work together to analyze it and test it. We usually manage to get new versions of our programs ready for release within a few days of the discovery of a new virus. The difference between Disinfectant and the commerical programs is that when I finish a new version, I immediately put it up on the nets for the public. The commercial authors have to send their new versions to their publishers, who then have to prepare a mailing. Customers of the commercial products usually don't actually receive new disks in the mail for a few weeks. The biggest advantage of Disinfectant is for Universities and other organizations who cannot afford huge site license fees for the commercial products. That's why I wrote it in the first place. Individuals can usually easily afford to purchase a single copy of SAM or Virex or Rival or whatever, but Universities cannot usually easily afford the large site license fees. When we (Northwestern University) checked into site license fees before I wrote Disinfectant, we found that it would cost us nearly a third of our yearly software acquisition budget! All of the major anti-viral programs do a good job of scanning, detection, and repair of the known viruses. The Disinfectant manual is by far the very best source of information on Macintosh viruses available anywhere. We've always felt that the manual is at least as important as the program, and we've worked just as hard on it as on the program. Misinformation about viruses is a major problem, and in recent months I've become convinced that in many cases inappropriate reactions to the virus problem are doing more harm than the viruses themselves. I like the Disinfectant human interface better than that of any of my competitors. I tried to keep it clean and simple. In summary: For universities and other organizations strapped for funds, I recommend Disinfectant. For individuals who are active in the electronic Mac community and have access to electronic sources of freeware and shareware, Disinfectant is fine (together with GateKeeper if you want the strongest possible protection INIT). For other individuals, I recommend a commercial product with an upgrade service. I've heard more than once that some companies have decided to use SAM or Virex rather than Disinfectant because their lawyers want to be able to sue somebody if something goes wrong (I'm not kidding). For these people, I strongly recommend one of the commercial products :-) John Norstad Academic Computing and Network Services Northwestern University jln@acns.nwu.edu Q: Why does California have more lawyers than New Jersey? A: New Jersey got to pick first, and they chose toxic waste.
swsh@ellis.uchicago.edu (Janet M. Swisher) (08/13/90)
In article <1990Aug10.212526.14408@phri.nyu.edu> roy@phri.nyu.edu (Roy Smith) writes: >> Personally, I consider Disinfectant itself THE best virus >> detection/disinfection program written. > I'll go along with that. [...] The one thing I >wish it had, however, was some way to customize the alert box it uses when >it finds an infected disk. I would like to augment the generic message >with something like "If you do not understand what this means, please call >Roy Smith at x822 for help". Just in case you didn't know, SAM does have this feature. Which, again, makes it a great package to buy, IF you can afford to buy it for all your users. Janet -- Janet Swisher Internet: swsh@midway.uchicago.edu University of Chicago Phone: (312) 702-7608 Academic and Public Computing P-mail: 1155 E. 60th St. Chicago IL 60637, USA "It's all just stuff, but some stuff is better than other stuff." R. McClamrock
ddaniel@lindy.stanford.edu (D. Daniel Sternbergh) (08/14/90)
In article <10750@accuvax.nwu.edu> jln@acns.nwu.edu (John Norstad) writes: >Many people mentioned that SAM Intercept can be configured to >automatically scan floppies when they are inserted, and they mentioned >this as an "advantage." I don't see this as an advantage at all - I hate >that feature! I find it obtrusive, ineffecient, and incredibly annoying! >The main purpose of a virus protection INIT is to block attempts by >viruses to spread, and to inform the user when such an attempt is made. >My INIT does this at the initial point of attack by the virus. There's no >need to waste time scanning each floppy as it's inserted to accomplish >this basic goal. I refuse to use any INIT or feature of an INIT which >significantly slows down my Mac! Hear, hear! And for anyone who has a "my Mac" this is a wonderful feature of Disinfectant. However, as administrator of two small clusters, I've seen too many more naive users who need their stuff ("and I need it NOW") and either don't know what the incessant beeping is or choose to ignore it. The cost of that few seconds for a forced scan is a small price for me to exact in exchange for pretty secure protection and near-guarantee that you won't leave the cluster with unwanted stuff you didn't come with. In addition, in order to cut down on the number of infected disks travelling around in general, forcing users to clean their disk or have it spit out (we provide both SAM and Disinfectant, the latter for the human interface) seems worthwhile. >I like the Disinfectant human interface better than that of any of my >competitors. I tried to keep it clean and simple. And did a beautiful job. I keep a copy of Disinfectant on each machine, and encourage people to take it for their own use. == Daniel == --------------------------- D. Daniel Sternbergh ddaniel@lindy.stanford.edu
DARWEES@gecrdvm1.crd.ge.com (08/15/90)
In an office situation, I would still tend to believe that Disinfectant is easi er to keep up-to-date with. 1) There is no Money or licensing fee therefore Disinfectant may be placed on a public fileserver and all Macintosh users can be told that it is there while SAM costs many $$ per machine. 2) You're going to have to tell the users how to use the program no matter which you use and Disinfectant is much easier to learn (Especially with the SAM intercept Control Panel options AND an Application). 3) Updates are much quicker and less expensive via FTP for Disinfectant. 4) Both SAM and Disinfectant work well although some earlier versions of SAM h ad a bug or 2. 5) The Disinfectant Init takes up MUCH less memory than SAM intercept, yet is still very functional. 6) Installation is not really more difficult for SAM, but you have to set up al l the options or the SAM init is not as effective. Maybe it's just personal preference, but I believe that using Disinfectant inst ead of SAM can save a lot of money for the same-if not better-results. -Mike Darweesh darwees@gecrdvm1.bitnet weesh@crd.ge.com